Research on mine network security system based on boundary isolation and system protection

HE Yinjie, LI Chenxin, WEI Chunxian

Citation: HE Yinjie, LI Chenxin, WEI Chunxian. Research on mine network security system based on boundary isolation and system protection[J]. Journal of Mine Automation,2024,50(3):14-21. DOI: 10.13272/j.issn.1671-251x.2023100008

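Funding: Science and Technology Innovation and Entrepreneurship Fund Special Project of Tiandi Science and Technology Co., Ltd. (2023-TD-ZD005-001, 2022-TD-ZD001, 2022-2-TD-ZD001).

    About the author:

    HE Yinjie (born 1998), male, from Shenmu, Shaanxi; research interest: mine network security technology. E-mail: heyinjie@ccrise.cn

  • CLC number: TD655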


  • Abstract: With the continued construction and rollout of intelligent-mine information infrastructure, the switching of mine terminal equipment between private and public networks introduces information security risks into the mine network. It is therefore necessary to study the isolation boundaries of the mine network and build system protection measures. The study analyzes the main risks faced by the mine network and points out that the keys to addressing them are defining isolation boundaries, strengthening system protection measures, and developing dedicated underground equipment. To meet the security protection needs of the mine network, three major isolation boundaries are defined: between the business management network and the industrial control network, between the transmission network and the server area, and between the underground and surface industrial control networks. A mine network security protection architecture based on boundary isolation and system protection is proposed, and a mine network security system built on four protection subsystems (network, host, application, and data) is designed, along with the corresponding secure transmission processes and protection approaches. Because current mine network security protection focuses mainly on surface networks and lacks protection measures for underground networks, a mine explosion-proof and intrinsically safe network interface is developed as underground network security protection equipment, with protection rules formulated for industrial protocols commonly used by underground terminals, such as Modbus, Profibus, IEC 61850, and RTSP. Test results show that the interface device achieves an average recognition rate of 98.8% and an average protection rate of 98.0% against network attacks, and that the throughput of the gigabit interface is no less than 95% of line rate. The device thus provides underground information security protection while maintaining data transmission performance.
  • Figure 1. Logical architecture of mine network transmission

    Figure 2. Topology of mine network security system

    Figure 3. Security transmission topology of industrial control network and business management network

    Figure 4. Security transmission topology of transmission network and server area

    Figure 5. Security transmission topology of underground terminals

    Figure 6. Design of KJJ83(A) mine explosion-proof and intrinsically safe network interface

    Figure 7. Network topology of underground integrated network security protection equipment deployment

    Figure 8. Design of KJJ83(G) mine explosion-proof and intrinsically safe network interface

    Figure 9. Network topology of underground stand-alone network security protection equipment deployment

    Figure 10. Design of security protection mechanism

    Figure 11. Test result of network attack recognition

    Figure 12. Test result of network attack protection

Publication history
  • Received: 2023-10-06
  • Revised: 2024-03-09
  • Published online: 2024-04-10
  • Issue date: 2024-03-19
